Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Best practices for sugroups for root ? backdoor user access ?
Operating Systems AIX Best practices for sugroups for root ? backdoor user access ? Post 303020504 by maraixadm on Saturday 21st of July 2018 12:42:00 PM
Old 07-21-2018
Quote:
Originally Posted by rbatte1
Could you not have multiple groups defined in the sugroups= field for the root account and add a group that ONLY has your backdoor account in? I'm pretty sure it is a comma separated list but I don't have access to AIX servers any more so i can't test it.

I hope that this helps,
Robin
Thank you, I think that's where I'm headed, I'm just wondering if there's a best practice, or if when security calculus is applied to this exercise, a flashing light goes on about some hole that this might create or that's woven into the fabric of having a backdoor user who has access (even requiring a password) to root. "I never thought of that" is a common reaction for me to reading about exploits, so I'd rather not facilitate one...

thanks for your help!
 

10 More Discussions You Might Find Interesting

1. HP-UX

user commands without root access

Hi I have been asked to find out how to 1) create users 2) reset passwords 3) kill processes that may require root privileges without having root password, sudo rights or rights to passwd command Any ideas? Thanks in advance (1 Reply)
Discussion started by: emealogistics
1 Replies

2. Solaris

I can not access root user through LAN

Dear i have installed Solaris 10 on SUN V240 after installation i can not access system through root user if i access system through any other user it conects but root is not connecting through LAN if i connect through SC and then access root though cosole -f command it also works kindly... (6 Replies)
Discussion started by: rizwan225
6 Replies

3. Shell Programming and Scripting

access user history as root

Hi, I need to access a user's command history. However, the dilemma is that he is logged in and so his current history is not yet flushed to .bash_history file which gets flushed when he logs out. Is there a way I can still access his most recent history? thank you, S (4 Replies)
Discussion started by: sardare
4 Replies

4. UNIX for Dummies Questions & Answers

How to allow access to some commands having root privleges to be run bu non root user

hi i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies

5. Shell Programming and Scripting

Urgent Help...Pseudo-Device provides a Backdoor Entry to root.

Can Anybody help to create a pseudo-device and write a device driver for it. The pseudo-device provides a “backdoor” for gaining root access for a particular user. Instead of compiling the device driver into the kernel. Modules are object binaries that can be dynamically loaded into the kernel. ... (1 Reply)
Discussion started by: nyjilgeorge1
1 Replies

6. Homework & Coursework Questions

The pseudo-device provides a “backdoor” for gaining root access for a particular user.

Problem statement. In this part of the assignment, delegates will create a pseudo-device and write a device driver for it. The pseudo-device provides a “backdoor” for gaining root access for a particular user. Instead of compiling the device driver into the kernel, delegate will create a module.... (1 Reply)
Discussion started by: nyjilgeorge1
1 Replies

7. Cybersecurity

Linux Universal Packet/Ham Radio Backdoor - root!

Tails (LiveCD) is crap, and I'm being nice here. Bloated, contains HAMRADIO and PACKET RADIO modules which no one in their right mind would use on a distro aimed at Tor use, I don't even believe 1% of Linux users use them, yet they're generated right there in the directories. Google about ham radio... (0 Replies)
Discussion started by: chipinmybrain
0 Replies

8. Shell Programming and Scripting

How to give root access to non root user?

Currently in my system Red Hat is installed. And Many user connect to my machine via SSH Techia Terminal. I want to give some users a root level access. Can anyone please help me how to make it possible. I too searched on the Google but didn't find the correct way Regards ADI (4 Replies)
Discussion started by: adisky123
4 Replies

9. Solaris

Sudo access of rm to non-root user

Hello, It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only. This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file. Is it possible to give... (9 Replies)
Discussion started by: solaris_1977
9 Replies

10. UNIX for Advanced & Expert Users

Non root user access to /dev/mem

Hi All, I have to install an application which needs access to system BIOS information. The application needs to be installed by non root user. How would i grant read privileges of /dev/mem file to the non root user so that it can capture system BIOS information while running the application?... (13 Replies)
Discussion started by: Soumyadip Dutta
13 Replies

LEARN ABOUT DEBIAN

dirvish

DIRVISH(8)						      System Manager's Manual							DIRVISH(8)

NAME

       dirvish - Disk based virtual image network backup system

SYNOPSIS

       dirvish --vault vault [ OPTIONS ]

DESCRIPTION

       Create a backup image of a client directory tree.

       Each  image  is	a directory containing transfer log, summary, tree and if transfer errors were detected an rsync_error file.  The transfer
       log retains the the output of any pre and post processing commands and the rsync log listing all files that were changed or added with some
       statistical  information.   The	summary  file  contains all the information about how the image was created and meta-data for managing the
       image in config file format.  Tree is the copy of the client tree.

       The client directory tree is compared with an existing image to create a new image.   Unchanged	files  are  shared  between  images.   For
       changed	files only those parts that actually change are transfered over the network.  Unchanged portions of files are copied from the ref-
       erence image.

       The resulting images contain complete copies of the original trees preserving ownership and file permissions.  In this way even though  the
       backups are made incrementally, each image can be used independently for restores or to make removable-media off-site copies or archives.

       The removal of an image will have no effect on other images.

OPTIONS

       Each option on the command line may be specified any number of times.  Those options that support lists in the config files will accumulate
       all of their arguments otherwise each specification will override the ones before.

       As configuration files are loaded they may override options on the command line.

       Each option may be unambiguously abbreviated.

       --branch [vault:]branch_name
	      Specify a branch to use.

	      A branch is a sequence of images.

	      If a vault has been specified either here or with --vault the first time this option is used it will attempt to load the config file
	      branch_name or branch_name.conf from the vault.

       --config config-file
	      Load options from the specified file.

	      If this precedes --vault the --vault option will not load it's own config file.

	      If  vault has been set and config-file is a bare filename the presence of one in the vault will take precedence over one in the cur-
	      rent directory.  To specify one in the current directory after --vault use ./ to precede the name.

	      The master configuration file will be read prior to processing options.

       --expire expire_date
	      Specify a time for the image to expire.

	      See Time::ParseDate(3pm) for details.

	      This does not actually expire anything.  What it does do is add an Expire: field to the image summary file  containing  an  absolute
	      time so that a dirvish-expire or another tool outside of dirvish can decide when to remove old images.

       --image image_name
	      Specify a name for the image.

	      image_name is passed through POSIX::strftime

	      See strftime(3) for details.

       --image-time parsedate_expression
	      Time to use when creating the image name.

	      If an absolute time without a date is provided it will be forced into the past.  If this isn't set the current time will be used.

	      See Time::ParseDate(3pm) for details.

       --init Create an initial image.

	      Create the image entirely from the source tree without the use of a reference image.

       --no-run

       --dry-run
	      Don't actually do anything.

	      Process all configuration files, options and tests then produce a summary/configuration file on standard output and exit.

       --reference branch_name|image_name
	      Specify an existing image or a branch from which to create the new image.

	      If  a  branch_name  is specified, the last existing image from its history file will be used.  A branch will take precedence over an
	      image of the same name.

       --reset option
	      Reset the values in an accumulating option.

       --summary  short|long
	      Specify summary format.

	      A short summary will only include final used values.  A long summary will include all configuration values.

	      Default value: short

       --vault vault[:branch_name]
	      Specify the vault to store the image in.

	      If not preceeded by --config this will attempt to load the config file default or default.conf within the vault.

	      If branch_name is specified here this will behave exactly like the --branch option  and  branch_name  or	branch_name.conf  will	be
	      attempted instead of default.conf.

       --version
	      Print version string and exit.

EXIT CODES

       To  facilitate further automation and integration of dirvish with other tools dirvish provides rationalised exit codes.	The exit codes are
       range based.  While the code for a specific error may change from one version to another it will remain within  the  specified  range.	So
       don't test for specific exit codes but instead test for a range of values.  To the degree possible higher value ranges indicate more severe
       errors.

       0      success

       1-19   The backup job reported warnings.

       20-39  An error occurred during index generation and cleanup.

       40-49  A post-client or post-server command could not be run.

       50-59  The post-client command reported an error.  Its exit code modulo 10 is added to 50

       60-69  The post-server command reported an error.  Its exit code modulo 10 is added to 60

       70-79  A post-client or post-server command could not be run.

       80-89  The pre-server command reported an error.  Its exit code modulo 10 is added to 80

       90-99  The pre-server command reported an error.  Its exit code modulo 10 is added to 90

       100-149
	      Rsync encountered a non-fatal error.

       150-199
	      Rsync encountered a fatal error.

       200-219
	      An error was encountered in loading a configuration file.

       220-254
	      An error was detected in the configuration.

       255    Incorrect usage.

FILES

       /etc/dirvish/master.conf
	      alternate master configuration file.

       /etc/dirvish.conf
	      master configuration file.

       /etc/dirvish/client[.conf]
	      client configuration file.

       bank/vault/dirvish/default[.conf]
	      default vault configuration file.

       bank/vault/dirvish/branch[.conf]
	      branch configuration file.

       bank/vault/dirvish/branch.hist
	      branch history file.

       bank/vault/image/summary
	      image creation summary.

       bank/vault/image/log
	      image creation log.

       bank/vault/image/tree
	      actual image of source directory tree.

       bank/vault/image/rsync_error
	      Error output from rsync if errors or warnings were detected.

SEE ALSO

       dirvish.conf(5)
       dirvish-runall(8)
       dirvish-expire(8)
       dirvish-locate(8)
       ssh(1)
       rsync(1)
       Time::ParseDate(3pm)
       strftime(3)

AUTHOR

       Dirvish was created by J.W. Schultz of Pegasystems Technologies.

BUGS AND ISSUES

       Fields set in configuration files will override command line options that have been set before the file is read.  This behaviour while con-
       sistent may occasionally confuse.  For this reason most command line options should be specified after any options that may cause a config-
       uration file to be loaded.

       In order to preserve permissions it is necessary for dirvish to run as root on the backup server.

       The root user must have non-interactive ssh access to the client systems.  It is not necessary that this access be as the root user on  the
       client.

       File ownership is preserved using numeric values so it is not necessary to have user accounts on the backup server.  Making the vaults net-
       work accessible using protocols that map UIDs based on names instead of number could allow access controls on files to be violated.

       Making the vaults writable by users will compromise the integrity of the backups.  Therefore any access to the vaults by  users	should	be
       done through a read-only mount.

																	DIRVISH(8)
All times are GMT -4. The time now is 11:02 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy